edr-bypass
There are 67 repositories under edr-bypass topic.
klezVirus/inceptor
Template-Driven AV/EDR Evasion Framework
tkmru/awesome-edr-bypass
Awesome EDR Bypass Resources For Ethical Hacking
NUL0x4C/AtomPePacker
A Highly capable Pe Packer
VirtualAlllocEx/DEFCON-31-Syscalls-Workshop
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
thomasxm/BOAZ_beta
Multilayered AV/EDR Evasion Framework
georgesotiriadis/Chimera
Automated DLL Sideloading Tool With EDR Evasion Capabilities
WesleyWong420/RedTeamOps-Havoc-101
Materials for the workshop "Red Team Ops: Havoc 101"
f1zm0/acheron
indirect syscalls for AV/EDR evasion in Go assembly
Offensive-Panda/RWX_MEMEORY_HUNT_AND_INJECTION_DV
Abusing Windows fork API and OneDrive.exe process to inject the malicious shellcode without allocating new RWX memory region.
V-i-x-x/AMSI-BYPASS
"AMSI WRITE RAID" Vulnerability that leads to an effective AMSI BYPASS
VirtualAlllocEx/Create-Thread-Shellcode-Fetcher
This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)-webserver.
fortra/hw-call-stack
Use hardware breakpoints to spoof the call stack for both syscalls and API calls
VirtualAlllocEx/Direct-Syscalls-vs-Indirect-Syscalls
The following two code samples can be used to understand the difference between direct syscalls and indirect syscalls
dobin/antnium
A C2 framework for initial access in Go
mrexodia/lolbin-poc
Small PoC of using a Microsoft signed executable as a lolbin.
VirtualAlllocEx/Direct-Syscalls-A-journey-from-high-to-low
Start with shellcode execution using Windows APIs (high level), move on to native APIs (medium level) and finally to direct syscalls (low level).
njcve/inflate.py
Artificially inflate a given binary to exceed common EDR file size limits. Can be used to bypass common EDR.
voidvxvt/HellBunny
Malleable shellcode loader written in C and Assembly utilizing direct or indirect syscalls for evading EDR hooks
oldkingcone/BYOSI
Evade EDR's the simple way, by not touching any of the API's they hook.
0mWindyBug/MinifilterHook
silence file system monitoring components by hooking their minifilters
itaymigdal/PichichiH0ll0wer
Nim process hollowing loader
roadwy/SideloadFinder
frida based script which automates the process of discovering and exploiting DLL Hijacks in target binaries. The discovered binaries can later be weaponized during Red Team Operations to evade AV/EDR's.
VirtualAlllocEx/DSC_SVC_REMOTE
This code example allows you to create a malware.exe sample that can be run in the context of a system service, and could be used for local privilege escalation in the context of an unquoted service path, etc. The payload itself can be remotely hosted, downloaded via the wininet library and then executed via direct system calls.
coleak2021/hidedump
Hidedump:a lsassdump tools that may bypass EDR
Adkali/PowerJoker
PowerJoker is a Python program which generate a Dynamic PowerShell Reverse-Shell Generator; Unique Payloads with different results on Each Execution.
Chainski/PandaLoader
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal console builder.
0xflux/Rust-Hells-Gate
Rust malware EDR evasion via direct syscalls, fully implemented as an example in Rust
WafflesExploits/CobaltStrike-YARA-Bypass-f0b627fc
Repository of scripts from my blog post on bypassing the YARA rule Windows_Trojan_CobaltStrike_f0b627fc by generating alternative shellcode sequences.
CodeXTF2/evasion-adventures-files
Slides and POC demo for my talk at Divizion Zero on EDR evasion titled "Evasion Adventures"
k3lpi3b4nsh33/BlindEdr
A Blind EDR Project for Educational Purposes
CroodSolutions/AutoPwnKey
AutoPwnKey is a red teaming framework and testing tool using AutoHotKey (AHK), which at the time of creation proves to be quite evasive. It is our hope that this tool will be useful to red teams over the short term, while over the long term help AV/EDR vendors improve how they handle AHK scripts.
EvilBytecode/Ntdll-Unhook
Unhook Ntdll.dll, Go & C++.
0xflux/ETW-Bypass-Rust
Event Tracing for Windows EDR bypass in Rust (usermode)
VirtualAlllocEx/Create_Thread_Inline_Assembly_x86
This POC provides the possibilty to execute x86 shellcode in form of a .bin file based on x86 inline assembly
x0reaxeax/SilentWrite
PoC arbitrary WPM without a process handle
melotic/nanostorm
An (WIP) EDR Evasion tool for x64 Windows & Linux binaries that utilizes Nanomites, written in Rust.